The Road to Becoming GDPR Compliant – How to Comply with GDPR?

The Internet has remarkably changed the way we communicate with each other, and how we deal with everyday tasks. We send emails, we share documents and pictures, we use our bank information to pay the bills and purchase goods by entering our personal details online without having a second thought. However, have you ever wondered how much of your personal data you have shared online? Or what happens next to the information you provided and do companies comply with GDPR regulations when gathering your data?

Companies often tell that they collect all this data in order to provide us with better customer experience. But, is that what they really use the data for?

How to comply with GDPR regulations?

This question provoked the EU institutions to activate a new European privacy regulation in May 2018, called GDPR, that permanently changed the way businesses collect, store and use their customers’ data. The main purpose of GDPR is to give individuals more power over their data, and less power to the organizations that collect and use such data for financial gain.

Although the implementation of GDPR should be seen as an opportunity to implement better data business practices, and establish and maintain trust with your customers, still, many companies are skeptical when it comes to implementing GDPR in their everyday work.

Numbers confirm that many companies are failing to comply:

• 80% of businesses know just a few details or nothing about GDPR (Dell and Dimension)
• 20% of businesses believe they are now GDPR complaint (TrustArc)
• 60% of tech companies are not ready to become GDPR complaint (The Ponemon Institute)

What does this mean for Sales.Rocks’ customers?

We comply with GDPR. If you are a Sales.Rocks customer, you know that our team is fully committed to protecting your data privacy in the cloud, and we are committed to meeting the provisions outlined in the new GDPR policy. Additionally, due to Sales.Rocks’ commitment to your privacy, our platform already conforms with many GDPR provisions, such as privacy by design, the right to information, data portability, and the right to data erasure. 

What is Sales.Rocks doing to address data protection regulations?

Sales.Rocks is dedicated to provide GDPR compliance. We hired a Data Protection Officer (DPO) who works hard to ensure full compliance with the regulation in business data practices. In addition to the GDPR effective date, we use:

• 2-way authentication password (additional security layer that helps address the vulnerabilities of a standard password-only approach)
• Cookie policies (small pieces of data, stored on your computer or another device when websites are loaded in a browser used to “remember” you, and your preferences)
• Audits (testing the processing of personal data within the company in order to identify any risks or non-compliances)
• Privacy by design (requires that all company departments look closely into their data, and mind how they handle it)
• Regular employees training (e.g. webinars, quizzes, seminars) regarding applicable data protection rules, and the above-mentioned policies and procedures.

Why we use ‘cookies’ to improve our service, and your web experience?

Most websites, including Sales.Rocks, use cookies to improve their user’s browsing experience. Cookies are small amounts of information in a form of text files sent by our website to your computer, mobile phone or other devices when you visit our website. We may collect information about your computer for system administration when your IP address is available, such as operating system and browser type. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual whatsoever.

Sales.Rocks uses Zoho SalesIQ for its chat room functionality and for identifying when logged in customers are on the website. Visitors at Sales.Rocks website are informed about what kind of cookies we use, and what we store about them. This process is constantly being updated.

How do we deal with sensitive information?

Our team is aware of the type of data that is being collected and stored within our database. We do not process or use sensitive information that includes:

• Government ID, and financial account numbers
• Health, genetic, and biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation or preferences

What is our data protection plan?

By understanding the kind of data we have in our database, and how it was collected, we developed clear policies that outline our data practices and plan for how we comply with GDPR regulations. 

Sales.Rocks created a data protection plan that addresses issues about:

• Data collection
• Notification requirements and practices
• The purposes for which the data will be used
• Practices for updating data and erasing old data
• Security procedures

Wrap up

Sales.Rocks will continue to strengthen our commitment to ensuring full GDPR compliance in advance of May, 25th 2018 enforcement date. The process of implementing GDPR may seem complicated and overwhelming, but by partnering with Sales.Rocks, you are ensuring the easiest route to full compliance for your business. 

Feel free to contact our knowledgeable team for any additional questions or concerns. We’re happy to help!